package com.blb.java10security.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HelloController {

    //必须是管理员角色
    @PreAuthorize("hasRole('管理员')")
    @RequestMapping("/hello1")
    public String hello1(){
        return "Hello 11111";
    }

    //可以使用and or
    @PreAuthorize("hasRole('仓管') and hasAuthority('盘点')")
    @RequestMapping("/hello2")
    public String hello2(){
        return "Hello 22222";
    }

    //多个权限有一个就可以
    @PreAuthorize("hasAnyAuthority('盘点','出库','入库')")
    @RequestMapping("/hello3")
    public String hello3(){
        return "Hello 33333";
    }
}
